Rainer,

On 10/23/2011 12:19 PM, rj...@apache.org wrote:
> +static const char *find_path_in_uri(const char *uri, const char *path)
> +{
> +    size_t len = strlen(path);
> +    while (uri = strchr(uri, '/')) {
> +        uri++;
> +        if (!strncmp(uri, path, len) &&
> +            (*(uri + len) == '/' ||
> +             strlen(uri) == len)) {
> +            return uri;
> +        }
> +    }
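
Review bot: find_path_in_uri() does not guard against an empty `path`. With `len == 0` the `strncmp(uri, path, len)` call returns 0 for any input, so the function returns the position after the first '/' that is followed by another '/' or by the end of the string. Reject a zero-length `path` before the loop, or document that callers must never pass one. In the same condition, `strlen(uri) == len` rescans the rest of the URI on every candidate; once strncmp has matched `len` bytes, `uri[len]` is at worst the terminator, so `uri[len] == '\0'` is equivalent and cheaper. The assignment in `while (uri = strchr(uri, '/'))` should also be wrapped as `while ((uri = strchr(uri, '/')) != NULL)` to make the intent explicit and to silence compiler warnings about assignment used as a truth value. A short comment stating that the return value points at the matched segment, just past the '/', would help callers.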

Also, 'len' is never updated in the loop, so the call to strncmp could
potentially cause a SIGSEGV -- but only in the cases where something
truly nefarious is going on, anyway.

-chris
